As those of you following policy issues in Europe are aware, data protection and online privacy are hot topics in Brussels at the moment. In fact, these are getting a lot of attention from governments, companies and consumers all over the EU. At the forefront of the discussion is the upcoming publication of the Commission’s proposal to update EU data protection rules, which should appear at the end of the year.
There is also ongoing attention to how the more recent e-Privacy Directive is working, with many Member States still transposing the Directive into their national law – despite the deadline having passed! And many of us are leafing through a recent European Commission report on the Data Retention Directive, which the European Data Protection Supervisor has criticised as not doing enough to respect citizens’ privacy. Can we expect more reforms in this area?
Microsoft takes privacy and data protection very seriously. We are working with consumer organisations around the world to ensure that consumers are aware of what happens to their data when they connect to the internet – and how to keep control over it. We have also sponsored a series of data protection events in Brussels where European schools compete to educate pupils on behaving responsibly online.
Probably most importantly, we support privacy and data protection principles in the design of our products – whether it’s Xbox, Kinect, Windows Phone or our core range of Microsoft Windows and Office products.
An important example is our Internet Explorer browser. Internet Explorer 8 was the first browser with “InPrivate Browsing,” a feature that prevents your browsing history and temporary internet files – such as data, cookies, usernames and passwords – from being retained by the browser, which means that there is virtually no trace of an online session carried out using that feature.
With the release of Internet Explorer 9, we added another groundbreaking tool called Tracking protection, now available in 93 languages. We believe that this is an important further step forward in giving consumers control over how information is shared with third parties.
Tracking protection is designed to deal with the reality that websites increasingly pull in content from multiple sources for display and interaction. This inherent design of today’s internet today does have tremendous benefits and efficiencies for consumers and sites alike. It also means, however, that consumers may be sharing information with more websites than the one they see in the address bar of their browser.
Tracking protection helps to provide consumers additional control and transparency on how their information is shared online in this current internet environment. It relies on “Tracking Protection Lists” that privacy organisations, other third parties or consumers themselves may develop. By installing a “Do Not Call” Tracking Protection List, a consumer blocks content related to any website on that list, ensuring that unwanted websites do not have access to the user’s data. It is also possible for consumers to install an “OK to Call” Tracking Protection List, which allows the listed entities to have access to the user’s data.
There are a number of Tracking Protection Lists already available, which have been developed by security firms and privacy advocates. We are excited about the fact that European privacy professionals have started to build lists specifically tailored for our region. We expect this ecosystem to grow as others build on these efforts.
We believe it is important to give consumers choice and control when it comes to their data. There can be instances when the sharing and saving of data can be very useful, and then there can be times when consumers do not want their data to be saved. With online advertising, for example, some consumers may feel that behavioural tracking, which allows an advertising service to serve up offers more relevant to the user, is a great way to save time and to see what’s out there. Others may find this unnecessary and intrusive. Microsoft firmly believes in putting such choices into the hands of the user.
For years, we have given users the ability to opt out of targeted advertising from Microsoft. Users can also tie their choices about targeted advertising to their Windows Live ID, so that their choices will apply across multiple devices – including smartphones – whenever they sign in to Windows Live. We will also be participating in the European self-regulatory program for the ad industry in order to support enhanced visibility and choice for all users.
The protection of consumer’s information online is a complex area with many different stakeholders involved – website owners, browser companies, the online advertising ecosystem and many others – and requires all stakeholders to work together to deliver an integrated and effective approach, which includes consumer education, industry initiatives and self-regulatory programmes, privacy enhancing technologies, and of course an effective legislative framework. We look forward to a continuation of the constructive dialog on these topics.